Announcement

Collapse
No announcement yet.

Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks

    Phoronix: Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks

    With the Linux 4.15-rc8 kernel that is expected for release today as the final step before Linux 4.15, it's still seeing continued security improvements in the wake of the Spectre CPU vulnerabilities...

    Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks - Phoronix
    http://www.phoronix.com/scan.php?page=news_item&px=Linux-4.15-rc8-BPF-Security
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Here are the Spectre v2 kernel options:
    x86/spectre: Add boot time option to select Spectre v2 mitigation
    x86/spectre: Add boot time option to select Spectre v2 mitigation - kernel/git/torvalds/linux.git - Linux kernel source tree
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da285121560e769cc31797bba6422eea71d473e0


    + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
    + (indirect branch prediction) vulnerability. System may
    + allow data leaks with this option, which is equivalent
    + to spectre_v2=off.

    + spectre_v2= [X86] Control mitigation of Spectre variant 2
    + (indirect branch speculation) vulnerability.
    +
    + on - unconditionally enable
    + off - unconditionally disable
    + auto - kernel detects whether your CPU model is
    + vulnerable
    +
    + Selecting 'on' will, and 'auto' may, choose a
    + mitigation method at run time according to the
    + CPU, the available microcode, the setting of the
    + CONFIG_RETPOLINE configuration option, and the
    + compiler with which the kernel was built.
    +
    + Specific mitigations can also be selected manually:
    +
    + retpoline - replace indirect branches
    + retpoline,generic - google's original retpoline
    + retpoline,amd - AMD-specific minimal thunk
    +
    + Not specifying this option is equivalent to
    + spectre_v2=auto.

    Comment

    Previous template Next
    Working...
    X